[unisog] How Many Using RT/RTIR For Incident Reporting & Tracking?

Phil Rodrigues phil.rodrigues at nyu.edu
Sat Apr 1 14:39:54 GMT 2006

Valdis.Kletnieks at vt.edu wrote:
> What *I* want to know is how the 5 of them handled 5,000 incidents in 5
> months.  That's 200 per person per month - assuming 4 50-hour work weeks in
> a month, they have to close out an incident an hour on the average.

Our actual acted upon total was much lower than that, only about 70 per 
person per month.  (After we throw away a little bit of spam, some 
automated ticket notifications from other systems, and things we simply 
do not care about.)

However, we are the people that detect the majority of the incidents in 
our network, as do a lot of IT Security offices I would imagine.  But 
when the detection of the incident is by an automated system, the ticket 
is created by an automated system, and the notification of the 
responsible party is by an automated system - each incident does take 
very little human time.

There are certainly burst events when a single person handles 200 
incidents in the week they are on-call.  I'd guess 100 of those get 
created and mailed automatically, leaving the human to answer questions 
about them and follow up on them.  RT helps us keep track of all of 
those tickets, and make sure they all get resolved.

RT was the perfect glue in the middle of our ongoing automated detection 
and notification systems.  It was open enough and stable enough for us 
to integrate in our other processes.  And if we needed help there was a 
responsive company on the other end of the line who could give us some 


More information about the unisog mailing list